{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "2f425878b6a71571341dcd3f9e9d1a6f6355da9c"
            },
            {
              "fixed": "b9abb760db20504240a7147f27934d900cd80b23"
            },
            {
              "fixed": "3a72c7dedc99b321e0f267e4e999e5baf07c4593"
            },
            {
              "fixed": "99e17b20fddac19a228d213e00f6b9e1c10daff9"
            },
            {
              "fixed": "243f71ed873ff3feeb6f9b5cb145d63f7188b4c4"
            },
            {
              "fixed": "063a6f22478ef929625000a2caf54667725c1dfd"
            },
            {
              "fixed": "d75ec4504a4340b033b15cad0303988b3089dd93"
            },
            {
              "fixed": "8dff54fe88c0dcd4c55bff9fc2fa6ca968290826"
            },
            {
              "fixed": "f9c206cdc4266caad6a9a7f46341420a10f03ccb"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.30"
            },
            {
              "fixed": "5.10.252"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.11.0"
            },
            {
              "fixed": "5.15.202"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.16.0"
            },
            {
              "fixed": "6.1.165"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.128"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.75"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.14"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45983.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: never defer requests during idmap lookup\n\nDuring v4 request compound arg decoding, some ops (e.g. SETATTR)\ncan trigger idmap lookup upcalls. When those upcall responses get\ndelayed beyond the allowed time limit, cache_check() will mark the\nrequest for deferral and cause it to be dropped.\n\nThis prevents nfs4svc_encode_compoundres from being executed, and\nthus the session slot flag NFSD4_SLOT_INUSE never gets cleared.\nSubsequent client requests will fail with NFSERR_JUKEBOX, given\nthat the slot will be marked as in-use, making the SEQUENCE op\nfail.\n\nFix this by making sure that the RQ_USEDEFERRAL flag is always\nclear during nfs4svc_decode_compoundargs(), since no v4 request\nshould ever be deferred.",
  "id": "CVE-2026-45983",
  "modified": "2026-07-08T05:36:32.819145896Z",
  "published": "2026-05-27T12:18:41.619Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/063a6f22478ef929625000a2caf54667725c1dfd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/243f71ed873ff3feeb6f9b5cb145d63f7188b4c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3a72c7dedc99b321e0f267e4e999e5baf07c4593"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8dff54fe88c0dcd4c55bff9fc2fa6ca968290826"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/99e17b20fddac19a228d213e00f6b9e1c10daff9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9abb760db20504240a7147f27934d900cd80b23"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d75ec4504a4340b033b15cad0303988b3089dd93"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9c206cdc4266caad6a9a7f46341420a10f03ccb"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45983.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45983"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "nfsd: never defer requests during idmap lookup"
}